Unrated severityNVD Advisory· Published Apr 6, 2008· Updated Jun 16, 2026
CVE-2008-1685
CVE-2008-1685
Description
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection mechanism against integer overflow and buffer overflow attacks, and provide no diagnostic message about this removal. NOTE: the vendor has determined that this compiler behavior is correct according to section 6.5.6 of the C99 standard (aka ISO/IEC 9899:1999)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:gnu:gcc:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.3.0:*:*:*:*:*:*:*
- (no CPE)range: 4.2.0 - 4.3.0
- Range: 4.2.0 - 4.3.0
Patches
Vulnerability mechanics
References
3- www.kb.cert.org/vuls/id/162289nvdUS Government Resource
- gcc.gnu.org/bugzilla/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/41686nvd
News mentions
0No linked articles in our index yet.